Data Security & Working Remotely G. Kevin Roper, MBA Chief - PowerPoint PPT Presentation

10 Things You Need to Know About Data Security & Working Remotely G. Kevin Roper, MBA Chief Operating Officer Cynergy Technology kevinr@cynergytech.com https://www.linkedin.com/in/gkevinroper/ 903.720.2032 mobile

DO - USE AVAILABLE TOOLS Use remote connectivity tools to stay in touch with clients and keep business processes flowing.

DON’T - USE SHARED COMPUTERS Don’t access critical business, financial or medical systems from a shared computer the family uses that may already be compromised.

DON’T – PRINT SENSITIVE DATA Don’t print sensitive documents unless you can immediately secure them from unauthorized viewers.

DON’T – BROADCAST A CALL Conversations that would normally pose no problem in the confines of the workplace can create huge legal, reputation and financial consequences when conducted in the open spaces of the home.

DON’T – FALL FOR EMAIL SCAMS Pay special attention to any email containing a link. Ask yourself this question: was I expecting this email from this person today?

DO – LOGOFF YOUR COMPUTER If you have to walk away from your workspace - even for a minute (which may turn in to 10 to 20 minutes) – log out.

DO – USE SECURITY MEASURES VPNS, WPA2 and Bears…Oh My! We are not in Kansas any more, Dorothy…

DO - KNOW THE WEAKEST LINK COVID-19 is not an obstacle to people who want to steal from you – it’s an opportunity.

DO – TALK ABOUT SECURITY Talk to your IT department or managed service provider about security measures.

DO – CARE FOR EMPLOYEES The bottom line is that your people are likely to be under a great deal of personal stress, so it makes sense to raise each other up through this journey.

https://www.us-cert.gov/ncas/current- activity/2020/04/02/fbi-releases-guidance-defending- against-vtc-hijacking-and-zoom https://www.pcmag.com/news/phishing-attacks-increase- 350-percent-amid-covid-19-quarantine https://www.usatoday.com/story/tech/columnist/2020/04/ 04/coronavirus-scams-going-viral-attacking-computers-and- smartphones/2939240001/ https://www.tripwire.com/state-of-security/security- awareness/covid-19-scam-roundup-april-6-2020/ https://staysafeonline.org/covid-19-security-resource- library/

WE CAN HELP – GIVE US A CALL

Use remote connectivity tools to your advantage to stay in touch with clients and keep business processes flowing. Like any tool, always employ best practices in the way you use it if you don’t know what those are – get help from a reputable IT provider. For example, Zoom meetings are a hot topic today. Reading the news, you may hear warnings about Zoom video conferencing. Some large organizations are banning its use entirely. Again, its like any tool – use it incorrectly or unsafely, get bad results. Works great if you follow best practices. If you use Zoom (or any video conferencing service), be sure to: download the latest client don’t publish the meeting number or private password to public forums (yes, some students did this) add security or waiting rooms to all meetings – Zoom has just made this the default for new meetings

Don’t access critical business, financial or medical systems from a shared computer This is equally true for USB thumb drives you have around the house – be very careful with them family computers may already be compromised. USB drives may already be infected. That funny cat video the kids clicked on…the free app your spouse downloaded Hackers love viral videos and “free” downloads for carrying things you didn’t know were there If a hacker has installed a keystroke logging package on your unsecure family computer or USB drive, they can get the login and password to your most sensitive business systems. Use a business computer or have your IT department or vendor inspect your home computer before use. Have that USB drive thoroughly inspected BEFORE you plug it in. Business computers and IT departments and vendors know what to look for: antivirus that is fully patched operating systems with security enabled and updated connections to the internet that are secure files scanned and tested

Don’t print sensitive documents unless you can immediately secure them from unauthorized viewers. If you must print, don’t throw away documents – shred them. A note – as we go through the list, notice how many of these recommendations are “common sense” things you wouldn’t use a computer without updated anti-virus in your work place you wouldn’t print sensitive material and leave it in a break room at the office This risk, like many others, is underestimated when working remotely because it is “our home” A safe place. A comfortable place. And because of that, a risk for critical data to get out in the open. Failing to control sensitive printed information while working remotely at your dining table is no different than taking a secure file from the workplace and leaving it spread out at the local library.

Don’t have business phone calls to discuss patients, clients or workforce members where anyone else can hear confidential information. Again, this is “common sense” at the office but may be overlooked in the living room Conversations that would normally pose no problem in the confines of the workplace can create huge legal, reputation and financial consequences when conducted in the open spaces of the home. Treat every business conversation as confidential and make sure the space you are using is private.

Google has recently reported a 350% jump in malware attacks. Phishing scams are up 667% in one month. This morning, the Dept of Homeland Security, the Cybercrime and Infrastructure Security Agency and the UK’s National Cyber Security Center released a joint global warning. A brief quote: Groups are using the COVID-19 pandemic as part of their cyber operations. These cyber threat actors will often masquerade as trusted entities. Their activity includes using coronavirus-themed phishing messages or malicious applications, often masquerading as trusted entities that may have been previously compromised. Cybercriminals are using the pandemic for commercial gain, deploying a variety of ransomware and other malware. As frightening as that may sound, protecting yourself against it is relatively simple: Don’t fall for email scams asking for money transfers, sensitive information, gift card purchases, or payroll deposit redirections without TALKING to the person making the request to verify it. Before you open it, ask yourself this question: was I expecting this email from this person today? Pay special attention to any email containing a link. Some of the worst data disasters imaginable start with a single click in the wrong place. If the email does contain a click, hover over it (don’t click it). Many times, a small popup box will tell you what the link will do if you click it. Is that a place you really want to go? Biggest piece of advice – SLOW DOWN. Concentrate and think about what you are about to open.

We talked earlier about not getting too comfortable at home with shared computers, phone conversations, and print materials. Here is another “common sense” practice that should already be practiced in your office space: Do log off or lock your workstation if you have to walk away from your computer – even for a minute, which may turn in to 10 to 20 minutes. Do not leave sensitive information on the screen or critical business systems open and logged in. I’ve done a full hour cybersecurity training all over the east Texas region. One of the consistent questions I get is – is it OK to leave my computer on or logged in my locked office? The answer – in your locked office or on your kitchen table – is NO… It’s the access you didn’t anticipate that will compromise your business. The person on the nightly cleaning crew with a key. The coworker who is about to quit and would like to take key information with him/her. The child who just wanted to watch the Disney Channel and hit the wrong button… Be sure your workstation is secure if you are not on it.

Do use a secure connection to provide end-to-end encryption of data in transit. This can be a VPN to the office Think of this like moving $10 million from one place to another. Sure, you can put it in the backseat of your Ford and drive it to the bank. It might get there safely. Or, you can put it in an armored truck driven by people with machine guns. VPNs give you added security and privacy. Most current firewalls will do a good VPN if they are setup and tested correctly. Other recommendations if you don’t have a VPN: Use a security filtering company that will verify web connection links for safety. Stay off public wi-fi and stop using your neighbor’s unsecured wireless signal (you know who you are…) Update security on your home network. Ensure you are using WiFi encryption (WPA2 is recommended). Change the login and password on your router if possible. If you are not using a home firewall , it’s time to start using one.